Port Range for avoid-v4-udp-ports OR port for resolv.conf nameserver
Mark Andrews
Mark_Andrews at isc.org
Mon Jul 14 00:22:18 UTC 2008
Also if your upstream won't accept DNS queries from specific
ports they need to take a course in proper firewall design.
There is absolutely no reason to block queries from DNS
servers from specific ports.
It's a lazy firewall administrator that blocks off offered
services unnecessarily.
It's not hard to keep offered services going even when
trying to block rampant virus vectors.
e.g.
allow from all to nameserver port 53
block from port xxxx to any.
or
allow from all to any port 53
block from port xxxx to any.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
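
The rule ordering in the post above, worked through as an added example (not part of the original message, and not ISC code). It assumes first-match rule evaluation with a default-allow policy; the blocked port value and the addresses are constructed stand-ins, with 40000 taking the place of the post's "xxxx".

```python
from dataclasses import dataclass
from typing import Optional

BLOCKED_PORT = 40000       # constructed stand-in for the post's "xxxx"
NAMESERVER = "192.0.2.53"  # constructed address (RFC 5737 documentation range)

@dataclass(frozen=True)
class Packet:
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "block"
    src_port: Optional[int] = None  # None matches anything
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return all(want is None or want == got for want, got in (
            (self.src_port, p.src_port),
            (self.dst_ip, p.dst_ip),
            (self.dst_port, p.dst_port)))

def decide(rules, packet, default="allow"):
    """First matching rule wins (assumed semantics); otherwise the default."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

# Ordering from the post: the offered service is allowed before the block.
SERVICE_FIRST = [Rule("allow", dst_ip=NAMESERVER, dst_port=53),
                 Rule("block", src_port=BLOCKED_PORT)]
# A bare source-port block, which is what the post objects to.
BLOCK_ONLY = [Rule("block", src_port=BLOCKED_PORT)]

# Constructed packets: a DNS query whose randomised source port happens to
# equal the blocked port, and unrelated traffic from that same source port.
DNS_QUERY = Packet(src_port=BLOCKED_PORT, dst_ip=NAMESERVER, dst_port=53)
OTHER = Packet(src_port=BLOCKED_PORT, dst_ip="198.51.100.7", dst_port=8080)

def compare():
    # Returns (verdict for DNS_QUERY, verdict for OTHER) per rule set.
    return {name: (decide(rules, DNS_QUERY), decide(rules, OTHER))
            for name, rules in (("service_first", SERVICE_FIRST),
                                ("block_only", BLOCK_ONLY))}

if __name__ == "__main__":
    print(compare())
```

With the allow rule first, the query to port 53 passes even when its source port collides with the blocked one, while other traffic from that port is still dropped.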